[sheepdog-users] [PATCH stable-0.8 12/22] fec: fix buffer overrun

Hitoshi Mitake mitake.hitoshi at lab.ntt.co.jp
Mon Feb 24 08:07:00 CET 2014


From: MORITA Kazutaka <morita.kazutaka at lab.ntt.co.jp>

After all the parities are set to out[], p will increase beyond
ctx->dp.  This adds a check for it.

This also adds assert() to make sure that we don't overrun the buffer.

Signed-off-by: MORITA Kazutaka <morita.kazutaka at lab.ntt.co.jp>
---
 lib/fec.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/fec.c b/lib/fec.c
index 7d897e4..5d627f5 100644
--- a/lib/fec.c
+++ b/lib/fec.c
@@ -602,9 +602,10 @@ static inline void decode_prepare(struct fec *ctx, const uint8_t *dp[],
 			out[i] = dp[i];
 			outidx[i] = i;
 		} else {
+			assert(p < ctx->dp);
 			out[i] = dp[p];
 			outidx[i] = p;
-			while (!dp[++p])
+			while (++p < ctx->dp && !dp[p])
 				;
 		}
 	}
-- 
1.7.10.4




More information about the sheepdog-users mailing list